Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Arrow up icon
GO TO TOP
Spring Security

You're reading from   Spring Security Effectively secure your web apps, RESTful services, cloud apps, and microservice architectures

Arrow left icon
Product type Paperback
Published in Jun 2024
Publisher Packt
ISBN-13 9781835460504
Length 596 pages
Edition 4th Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Badr Nasslahsen Badr Nasslahsen
Author Profile Icon Badr Nasslahsen
Badr Nasslahsen
Arrow right icon
View More author details
Toc

Table of Contents (28) Chapters Close

Preface 1. Part 1: Fundamentals of Application Security FREE CHAPTER
2. Chapter 1: Anatomy of an Unsafe Application 3. Chapter 2: Getting Started with Spring Security 4. Chapter 3: Custom Authentication 5. Part 2: Authentication Techniques
6. Chapter 4: JDBC-based Authentication 7. Chapter 5: Authentication with Spring Data 8. Chapter 6: LDAP Directory Services 9. Chapter 7: Remember-me Services 10. Chapter 8: Client Certificate Authentication with TLS 11. Part 3: Exploring OAuth 2 and SAML 2
12. Chapter 9: Opening up to OAuth 2 13. Chapter 10: SAML 2 Support 14. Part 4: Enhancing Authorization Mechanisms
15. Chapter 11: Fine-Grained Access Control 16. Chapter 12: Access Control Lists 17. Chapter 13: Custom Authorization 18. Part 5: Advanced Security Features and Deployment Optimization
19. Chapter 14: Session Management 20. Chapter 15: Additional Spring Security Features 21. Chapter 16: Migration to Spring Security 6 22. Chapter 17: Microservice Security with OAuth 2 and JSON Web Tokens 23. Chapter 18: Single Sign-On with the Central Authentication Service 24. Chapter 19: Build GraalVM Native Images 25. Index 26. Other Books You May Enjoy Appendix – Additional Reference Material

What this book covers

Chapter 1, Anatomy of an Unsafe Application, covers a hypothetical security audit of our calendar application, illustrating common issues that can be resolved through the proper application of Spring Security. You will learn about some basic security terminology and review some prerequisites for getting the sample application up and running.

Chapter 2, Getting Started with Spring Security, demonstrates the "Hello World" installation of Spring Security. After that, the chapter walks you through some of the most common customizations of Spring Security.

Chapter 3, Custom Authentication, incrementally explains Spring Security’s authentication architecture by customizing key pieces of the authentication infrastructure to address real-world problems. Through these customizations, you will gain an understanding of how Spring Security authentication works and how you can integrate with existing and new authentication mechanisms.

Chapter 4, JDBC-based Authentication, covers authenticating against a database using Spring Security’s built-in Java Database Connectivity (JDBC) support. We then discuss how we can secure our passwords using Spring Security’s new cryptography module.

Chapter 5, Authentication with Spring Data, looks at the Spring Data project, and how to leverage Jakarta Persistence (JPA) to perform authentication against a relational database. We will also explore how to perform authentication against a document database using MongoDB.

Chapter 6, LDAP Directory Services, will review the Lightweight Directory Access Protocol (LDAP) and learn how it can be integrated into a Spring-Security-enabled application to provide authentication, authorization, and user information services to interested constituents.

Chapter 7, Remember-me Services, demonstrates the use of the remember-me feature in Spring Security and how to configure it. We also explore additional considerations to bear in mind when using it. We’ll add the ability for an application to remember a user even after their session has expired and the browser is closed.

Chapter 8, Client Certificate Authentication with TLS, demonstrates that, although username and password authentication is extremely common, as we discussed in Chapter 1, Anatomy of an Unsafe Application, and in Chapter 2, Getting Started with Spring Security, forms of authentication exist that allow users to present different types of credentials. Spring Security caters to these requirements as well. In this chapter, we’ll move beyond form-based authentication to explore authentication using trusted client-side certificates.

Chapter 9, Opening up to OAuth 2, explains that OAuth 2 is a very popular form of trusted identity management that allows users to manage their identity through a single trusted provider. This convenient feature provides users with the security of storing their password and personal information with the trusted OAuth 2 provider, optionally disclosing personal information upon request. Additionally, the OAuth-2-enabled website offers the confidence that the users providing OAuth 2 credentials are who they say they are.

Chapter 10, SAML 2 Support, will deep dive into the world of Security Assertion Markup Language (SAML 2.0) support and how it can be seamlessly integrated into their Spring Security applications. SAML 2.0 is an XML-based standard for exchanging authentication and authorization data between identity providers (IdPs) and service providers (SPs).

Chapter 11, Fine-Grained Access Control, will first examine two ways to implement fine-grained authorization—authorization that may affect portions of a page of the application. Next, we will look at Spring Security’s approach to securing the business tier through method annotation and the use of interface-based proxies to accomplish Aspect-Oriented Programming (AOP). Then, we will review an interesting capability of annotation-based security that allows for role-based filtering on collections of data. Last, we will look at how class-based proxies differ from interface-based proxies.

Chapter 12, Access Control Lists, will address the complex topic of Access Control Lists (ACLs), which can provide a rich model of domain object instance-level authorization. Spring Security ships with a robust, but complicated, ACL module that can serve the needs of small- to medium-sized implementations reasonably well.

Chapter 13, Custom Authorization, will include some custom implementations for Spring Security’s key authorization APIs. Once we have done this, we will use the understanding of the custom implementations to understand how Spring Security’s authorization architecture works.

Chapter 14, Session Management, discusses how Spring Security manages and secures user sessions. The chapter starts by explaining session fixation attacks and how Spring Security defends against them. It then discusses how you can manage logged-in users and restrict the number of concurrent sessions a single user has. Finally, we describe how Spring Security associates a user with HttpSession and how to customize this behavior.

Chapter 15, Additional Spring Security Features, covers other Spring Security features, including common security vulnerabilities such as cross-site scripting (XSS), cross-site request forgery (CSRF), synchronizer tokens, and clickjacking, and how to protect against them.

Chapter 16, Migration to Spring Security 6, provides a migration path from Spring Security 5, including notable configuration changes, class and package migrations, and important new features, including Java 17 support and new authentication mechanisms with OAuth 2.1.

It also highlights the new features that can be found in Spring Security 6.1 and provides references to examples of the features in the book.

Chapter 17, Microservice Security with OAuth 2 and JSON Web Tokens, looks at microservices-based architectures and how OAuth 2 with JSON Web Tokens (JWT) plays a role in securing microservices in a Spring-based application.

Chapter 18, Single Sign-On with the Central Authentication Service, shows how integrating with a Central Authentication Service (CAS) can provide single sign-on and single logout support to your Spring-Security-enabled applications.

Chapter 19, Build GraalVM Native Images, looks at Spring Security 6 support for building native images using GraalVM. This can be a great way to improve the performance and security of your Spring Security applications.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image